Candidate: CVE-2017-7995
PublicDate: 2017-05-03 19:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7995
 https://bugzilla.suse.com/show_bug.cgi?id=1033948
 http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00005.html
Description:
 Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only
 after accessing them, allowing host PCI device space memory reads, leading
 to information disclosure. This is an error in the get_user function.
 NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL.
Ubuntu-Description:
Notes:
 mdeslaur> Older than 4.3 only
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N [3.8 LOW]

Patches_xen:
Tags_xen: universe-binary
upstream_xen: needs-triage
precise_xen: ignored (reached end-of-life)
precise/esm_xen: DNE (precise was needs-triage)
trusty_xen: not-affected
trusty/esm_xen: DNE (trusty was not-affected)
vivid/ubuntu-core_xen: DNE
vivid/stable-phone-overlay_xen: DNE
xenial_xen: not-affected
esm-infra/xenial_xen: not-affected
yakkety_xen: not-affected
zesty_xen: not-affected
devel_xen: not-affected